10 Worst Government Data Breaches Of 2012
SQL injections, post-phishing privilege escalations and poorly secured backup data all played roles in exposures of sensitive government data stores.
With federal and local government agencies suffering the brunt of Anonymous protests, targeted phishing attacks leading to privilege escalation, and highly effective SQL injection attacks granting wide-scale access to information, citizen privacy definitely took a hit in 2012.
1. South Carolina
More than 3.3 million unencrypted bank account numbers and 3.8 million tax returns were stolen in a wide-ranging attack against the South Carolina Department of Revenue that all started through a state employee falling for a phishing attack that enabled hackers to leverage that employee's access rights to gain access to the government entity's systems and databases.
Lessons Learned: Database protection layers like database activity monitoring, not to mention other network detection measures, could have gone a long way toward minimizing the damage caused by the type of phishing attack that all organizations, public and private, face today....